Critical Bug Found In WordPress Plugin For Elementor With Over A Million Installations

 

A WordPress plugin with over one million installs has been found to contain a critical vulnerability that could result in the execution of arbitrary code on compromised websites.

The plugin in question is Essential Addons for Elementor, which provides WordPress site owners with a library of over 80 elements and extensions to help design and customize pages and posts.

"This vulnerability allows any user, regardless of their authentication or authorization status, to perform a local file inclusion attack," Patchstack said in a report. "This attack can be used to include local files on the filesystem of the website, such as /etc/passwd. This can also be used to perform RCE by including a file with malicious PHP code that normally cannot be executed."

That said, the vulnerability only exists if widgets like dynamic gallery and product gallery are used, which utilize the vulnerable function, resulting in local file inclusion – an attack technique in which a web application is tricked into exposing or running arbitrary files on the webserver.

The flaw impacts all versions of the addon from 5.0.4 and below, and credited with discovering the vulnerability is researcher Wai Yan Myo Thet. Following responsible disclosure, the security hole was finally plugged in version 5.0.5 released on January 28 "after several insufficient patches."

The development comes weeks after it emerged that unidentified actors tampered with dozens of WordPress themes and plugins hosted on a developer's website to inject a backdoor with the goal of infecting further sites.

Related articles

1. Hacking Tools Software
2. Pentest Tools Website Vulnerability
3. Pentest Tools Download
4. Hack Tools Mac
5. Hacker Tools Apk
6. Hackers Toolbox
7. Pentest Tools Linux
8. Kik Hack Tools
9. Black Hat Hacker Tools
10. What Is Hacking Tools
11. New Hacker Tools
12. Pentest Tools Windows
13. Pentest Tools For Windows
14. Pentest Reporting Tools
15. Hack Tools Pc
16. Android Hack Tools Github
17. Pentest Tools
18. Hack Tools For Ubuntu
19. Hack Tools Pc
20. Hacking Tools Online
21. Hack Tools For Pc
22. Best Pentesting Tools 2018
23. Pentest Tools Github
24. What Is Hacking Tools
25. Hacker Tools Free Download
26. Hack Tools
27. How To Make Hacking Tools
28. Hacking Tools For Mac
29. Tools 4 Hack
30. Nsa Hacker Tools
31. Hack Tools
32. New Hacker Tools
33. Hack Tools Github
34. Pentest Tools Online
35. New Hacker Tools
36. Underground Hacker Sites
37. Tools Used For Hacking
38. Pentest Tools Review
39. What Is Hacking Tools
40. Hack Tools Online
41. Blackhat Hacker Tools
42. Hacking Tools Windows
43. New Hack Tools
44. Hacker Tool Kit
45. Hacker Tools Online
46. Usb Pentest Tools
47. Android Hack Tools Github
48. Hacking Tools Github
49. Wifi Hacker Tools For Windows
50. Hacking Tools Github
51. Hackers Toolbox
52. Pentest Tools Online
53. Hacker Security Tools
54. Hacker Search Tools
55. Hacker Tools 2020
56. Hack App
57. Hacker Tools Mac
58. Pentest Tools Review
59. Hacker Tools Free Download
60. Top Pentest Tools
61. Best Hacking Tools 2020
62. Github Hacking Tools
63. Hak5 Tools
64. Hack Tools For Mac
65. Hack Tools Download
66. Easy Hack Tools
67. Pentest Box Tools Download
68. Hack Tools For Mac
69. Hacker Tools Linux
70. Hacker Tools Apk
71. Pentest Tools Linux
72. Tools 4 Hack
73. Pentest Tools Kali Linux
74. Hack And Tools
75. Pentest Tools For Mac
76. Pentest Tools Bluekeep
77. Hacking Tools For Beginners
78. Pentest Tools Subdomain
79. Beginner Hacker Tools
80. Hack Tools 2019
81. What Is Hacking Tools
82. Pentest Tools Free
83. Hacker Tools Linux
84. Pentest Tools Windows
85. Install Pentest Tools Ubuntu
86. Hacker Tools Apk
87. Pentest Tools Github
88. Hack Tools
89. Hacking Tools For Windows Free Download
90. Pentest Tools Open Source
91. Pentest Tools For Mac
92. Hacking Tools Software
93. Ethical Hacker Tools
94. Hacking App
95. Pentest Reporting Tools
96. Pentest Tools Android
97. Hak5 Tools
98. Growth Hacker Tools
99. Hacker Tools Apk Download
100. Hacking Apps
101. Best Pentesting Tools 2018
102. Hacker Search Tools
103. Hacker Tools Software
104. Bluetooth Hacking Tools Kali
105. What Is Hacking Tools
106. Pentest Tools Kali Linux
107. Game Hacking
108. Hack Tools Online
109. Hacking Apps
110. Hacker Tools For Ios
111. Hacker Tools 2020
112. Pentest Tools For Android
113. Pentest Tools For Windows
114. Hacking Tools For Pc
115. What Are Hacking Tools
116. Pentest Tools Framework
117. Hacker Tools Apk
118. Hacking Tools 2019
119. Hack Tools Github
120. Hacker Tools Apk
121. Hacker Tools List
122. Github Hacking Tools
123. Hacking Tools Kit
124. Hack Rom Tools
125. Hacking Tools For Windows 7
126. Pentest Tools Tcp Port Scanner
127. Pentest Tools Apk
128. Nsa Hacker Tools
129. Hack Tools Github
130. Termux Hacking Tools 2019
131. Pentest Tools For Windows
132. Pentest Tools Open Source
133. Hacker Tools For Windows
134. Github Hacking Tools
135. Hacking Tools Free Download
136. Hacking Tools Kit
137. Hacker Tools Software
138. Hacker
139. Hacking Tools Hardware
140. Hacking Tools For Games
141. Best Hacking Tools 2020
142. Pentest Tools Subdomain
143. Blackhat Hacker Tools
144. Hacker Tools Windows
145. Hacking Tools
146. Pentest Tools Website Vulnerability
147. Tools 4 Hack
148. Pentest Tools Linux
149. Hacking Tools Mac
150. Hack Tools For Mac
151. Pentest Tools Android
152. Hacker Tools Apk
153. Hacking Tools For Mac
154. Pentest Tools Windows